1. 15 Jul, 2008 15 commits
    • Max Krasnyansky's avatar
      tun: Fix/rewrite packet filtering logic · f271b2cc
      Max Krasnyansky authored
      Please see the following thread to get some context on this
      	http://marc.info/?l=linux-netdev&m=121564433018903&w=2
      
      Basically the issue is that current multi-cast filtering stuff in
      the TUN/TAP driver is seriously broken.
      Original patch went in without proper review and ACK. It was broken and
      confusing to start with and subsequent patches broke it completely.
      To give you an idea of what's broken here are some of the issues:
      
      - Very confusing comments throughout the code that imply that the
      character device is a network interface in its own right, and that packets
      are passed between the two nics. Which is completely wrong.
      
      - Wrong set of ioctls is used for setting up filters. They look like
      shortcuts for manipulating state of the tun/tap network interface but
      in reality manipulate the state of the TX filter.
      
      - ioctls that were originally used for setting address of the the TX filter
      got "fixed" and now set the address of the network interface itself. Which
      made filter totaly useless.
      
      - Filtering is done too late. Instead of filtering early on, to avoid
      unnecessary wakeups, filtering is done in the read() call.
      
      The list goes on and on :)
      
      So the patch cleans all that up. It introduces simple and clean interface for
      setting up TX filters (TUNSETTXFILTER + tun_filter spec) and does filtering
      before enqueuing the packets.
      
      TX filtering is useful in the scenarios where TAP is part of a bridge, in
      which case it gets all broadcast, multicast and potentially other packets when
      the bridge is learning. So for example Ethernet tunnelling app may want to
      setup TX filters to avoid tunnelling multicast traffic. QEMU and other
      hypervisors can push RX filtering that is currently done in the guest into the
      host context therefore saving wakeups and unnecessary data transfer.
      Signed-off-by: default avatarMax Krasnyansky <maxk@qualcomm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f271b2cc
    • Wang Chen's avatar
      8021q: Check return of dev_set_promiscuity/allmulti · 89146504
      Wang Chen authored
      dev_set_promiscuity/allmulti might overflow.
      Commit: "netdevice: Fix promiscuity and allmulti overflow" in net-next makes
      dev_set_promiscuity/allmulti return error number if overflow happened.
      
      Here, we check all positive increment for promiscuity and allmulti
      to get error return.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Acked-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      89146504
    • Wang Chen's avatar
      macvlan: Check return of dev_set_allmulti · b89fb7da
      Wang Chen authored
      allmulti might overflow.
      Commit: "netdevice: Fix promiscuity and allmulti overflow" in net-next makes
      dev_set_promiscuity/allmulti return error number if overflow happened.
      
      Here, we check the positive increment for allmulti to get error return.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Acked-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b89fb7da
    • Wang Chen's avatar
      ipv4: Fix ipmr unregister device oops · 7dc00c82
      Wang Chen authored
      An oops happens during device unregister.
      
      The following oops happened when I add two tunnels, which
      use a same device, and then delete one tunnel.
      Obviously deleting tunnel "A" causes device unregister, which
      send a notification, and after receiving notification, ipmr do
      unregister again for tunnel "B" which also use same device.
      That is wrong.
      After receiving notification, ipmr only needs to decrease reference
      count and don't do duplicated unregister.
      Fortunately, IPv6 side doesn't add tunnel in ip6mr, so it's clean.
      
      This patch fixs:
      - unregister device oops
      - using after dev_put()
      
      Here is the oops:
      ===
      Jul 11 15:39:29 wangchen kernel: ------------[ cut here ]------------
      Jul 11 15:39:29 wangchen kernel: kernel BUG at net/core/dev.c:3651!
      Jul 11 15:39:29 wangchen kernel: invalid opcode: 0000 [#1] 
      Jul 11 15:39:29 wangchen kernel: Modules linked in: ipip tunnel4 nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs ipv6 snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device af_packet binfmt_misc button battery ac loop dm_mod usbhid ff_memless pcmcia firmware_class ohci1394 8139too mii ieee1394 yenta_socket rsrc_nonstatic pcmcia_core ide_cd_mod cdrom snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm i2c_i801 snd_timer snd i2c_core soundcore snd_page_alloc rng_core shpchp ehci_hcd uhci_hcd pci_hotplug intel_agp agpgart usbcore ext3 jbd ata_piix ahci libata dock edd fan thermal processor thermal_sys piix sd_mod scsi_mod ide_disk ide_core [last unloaded: freq_table]
      Jul 11 15:39:29 wangchen kernel: 
      Jul 11 15:39:29 wangchen kernel: Pid: 4102, comm: mroute Not tainted (2.6.26-rc9-default #69)
      Jul 11 15:39:29 wangchen kernel: EIP: 0060:[<c024636b>] EFLAGS: 00010202 CPU: 0
      Jul 11 15:39:29 wangchen kernel: EIP is at rollback_registered+0x61/0xe3
      Jul 11 15:39:29 wangchen kernel: EAX: 00000001 EBX: ecba6000 ECX: 00000000 EDX: ffffffff
      Jul 11 15:39:29 wangchen kernel: ESI: 00000001 EDI: ecba6000 EBP: c03de2e8 ESP: ed8e7c3c
      Jul 11 15:39:29 wangchen kernel:  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
      Jul 11 15:39:29 wangchen kernel: Process mroute (pid: 4102, ti=ed8e6000 task=ed41e830 task.ti=ed8e6000)
      Jul 11 15:39:29 wangchen kernel: Stack: ecba6000 c024641c 00000028 c0284e1a 00000001 c03de2e8 ecba6000 eecff360 
      Jul 11 15:39:29 wangchen kernel:        c0284e4c c03536f4 fffffff8 00000000 c029a819 ecba6000 00000006 ecba6000 
      Jul 11 15:39:29 wangchen kernel:        00000000 ecba6000 c03de2c0 c012841b ffffffff 00000000 c024639f ecba6000 
      Jul 11 15:39:29 wangchen kernel: Call Trace:
      Jul 11 15:39:29 wangchen kernel:  [<c024641c>] unregister_netdevice+0x2f/0x51
      Jul 11 15:39:29 wangchen kernel:  [<c0284e1a>] vif_delete+0xaf/0xc3
      Jul 11 15:39:29 wangchen kernel:  [<c0284e4c>] ipmr_device_event+0x1e/0x30
      Jul 11 15:39:29 wangchen kernel:  [<c029a819>] notifier_call_chain+0x2a/0x47
      Jul 11 15:39:29 wangchen kernel:  [<c012841b>] raw_notifier_call_chain+0x9/0xc
      Jul 11 15:39:29 wangchen kernel:  [<c024639f>] rollback_registered+0x95/0xe3
      Jul 11 15:39:29 wangchen kernel:  [<c024641c>] unregister_netdevice+0x2f/0x51
      Jul 11 15:39:29 wangchen kernel:  [<c0284e1a>] vif_delete+0xaf/0xc3
      Jul 11 15:39:29 wangchen kernel:  [<c0285eee>] ip_mroute_setsockopt+0x47a/0x801
      Jul 11 15:39:29 wangchen kernel:  [<eea5a70c>] do_get_write_access+0x2df/0x313 [jbd]
      Jul 11 15:39:29 wangchen kernel:  [<c01727c4>] __find_get_block_slow+0xda/0xe4
      Jul 11 15:39:29 wangchen kernel:  [<c0172a7f>] __find_get_block+0xf8/0x122
      Jul 11 15:39:29 wangchen kernel:  [<c0172a7f>] __find_get_block+0xf8/0x122
      Jul 11 15:39:29 wangchen kernel:  [<eea5d563>] journal_cancel_revoke+0xda/0x110 [jbd]
      Jul 11 15:39:29 wangchen kernel:  [<c0263501>] ip_setsockopt+0xa9/0x9ee
      Jul 11 15:39:29 wangchen kernel:  [<eea5d563>] journal_cancel_revoke+0xda/0x110 [jbd]
      Jul 11 15:39:29 wangchen kernel:  [<eea5a70c>] do_get_write_access+0x2df/0x313 [jbd]
      Jul 11 15:39:29 wangchen kernel:  [<eea69287>] __ext3_get_inode_loc+0xcf/0x271 [ext3]
      Jul 11 15:39:29 wangchen kernel:  [<eea743c7>] __ext3_journal_dirty_metadata+0x13/0x32 [ext3]
      Jul 11 15:39:29 wangchen kernel:  [<c0116434>] __wake_up+0xf/0x15
      Jul 11 15:39:29 wangchen kernel:  [<eea5a424>] journal_stop+0x1bd/0x1c6 [jbd]
      Jul 11 15:39:29 wangchen kernel:  [<eea703a7>] __ext3_journal_stop+0x19/0x34 [ext3]
      Jul 11 15:39:29 wangchen kernel:  [<c014291e>] get_page_from_freelist+0x94/0x369
      Jul 11 15:39:29 wangchen kernel:  [<c01408f2>] filemap_fault+0x1ac/0x2fe
      Jul 11 15:39:29 wangchen kernel:  [<c01a605e>] security_sk_alloc+0xd/0xf
      Jul 11 15:39:29 wangchen kernel:  [<c023edea>] sk_prot_alloc+0x36/0x78
      Jul 11 15:39:29 wangchen kernel:  [<c0240037>] sk_alloc+0x3a/0x40
      Jul 11 15:39:29 wangchen kernel:  [<c0276062>] raw_hash_sk+0x46/0x4e
      Jul 11 15:39:29 wangchen kernel:  [<c0166aff>] d_alloc+0x1b/0x157
      Jul 11 15:39:29 wangchen kernel:  [<c023e4d1>] sock_common_setsockopt+0x12/0x16
      Jul 11 15:39:29 wangchen kernel:  [<c023cb1e>] sys_setsockopt+0x6f/0x8e
      Jul 11 15:39:29 wangchen kernel:  [<c023e105>] sys_socketcall+0x15c/0x19e
      Jul 11 15:39:29 wangchen kernel:  [<c0103611>] sysenter_past_esp+0x6a/0x99
      Jul 11 15:39:29 wangchen kernel:  [<c0290000>] unix_poll+0x69/0x78
      Jul 11 15:39:29 wangchen kernel:  =======================
      Jul 11 15:39:29 wangchen kernel: Code: 83 e0 01 00 00 85 c0 75 1f 53 53 68 12 81 31 c0 e8 3c 30 ed ff ba 3f 0e 00 00 b8 b9 7f 31 c0 83 c4 0c 5b e9 f5 26 ed ff 48 74 04 <0f> 0b eb fe 89 d8 e8 21 ff ff ff 89 d8 e8 62 ea ff ff c7 83 e0 
      Jul 11 15:39:29 wangchen kernel: EIP: [<c024636b>] rollback_registered+0x61/0xe3 SS:ESP 0068:ed8e7c3c
      Jul 11 15:39:29 wangchen kernel: ---[ end trace c311acf85d169786 ]---
      ===
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7dc00c82
    • Wang Chen's avatar
      ipv4: Check return of dev_set_allmulti · d607032d
      Wang Chen authored
      allmulti might overflow.
      Commit: "netdevice: Fix promiscuity and allmulti overflow" in net-next makes
      dev_set_promiscuity/allmulti return error number if overflow happened.
      
      Here, we check the positive increment for allmulti to get error return.
      
      PS: For unwinding tunnel creating, we let ipip->ioctl() to handle it.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d607032d
    • Wang Chen's avatar
      ipv6: Fix using after dev_put() · 7af3db78
      Wang Chen authored
      Patrick McHardy pointed it out.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7af3db78
    • Wang Chen's avatar
      ipv6: Check return of dev_set_allmulti · 5ae7b444
      Wang Chen authored
      allmulti might overflow.
      Commit: "netdevice: Fix promiscuity and allmulti overflow" in net-next makes
      dev_set_promiscuity/allmulti return error number if overflow happened.
      
      Here, we check the positive increment for allmulti to get error return.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Acked-by: Patrick McHardy <kaber@trash.net> 
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5ae7b444
    • Wang Chen's avatar
      bridge: Check return of dev_set_promiscuity · bc3f9076
      Wang Chen authored
      dev_set_promiscuity/allmulti might overflow.
      Commit: "netdevice: Fix promiscuity and allmulti overflow" in net-next makes
      dev_set_promiscuity/allmulti return error number if overflow happened.
      
      Here, we check the positive increment for promiscuity to get error return.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Signed-off-by: default avatarStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bc3f9076
    • Wang Chen's avatar
      bonding: Check return of dev_set_promiscuity/allmulti · 7e1a1ac1
      Wang Chen authored
      dev_set_promiscuity/allmulti might overflow.
      Commit: "netdevice: Fix promiscuity and allmulti overflow" in net-next makes
      dev_set_promiscuity/allmulti return error number if overflow happened.
      
      In bond_alb and bond_main, we check all positive increment for promiscuity
      and allmulti to get error return.
      But there are still two problems left.
      1. Some code path has no mechanism to signal errors upstream.
      2. If there are multi slaves, it's hard to tell which slaves increment
         promisc/allmulti successfully and which failed.
      So I left these problems to be FIXME.
      Fortunately, the overflow is very rare case.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7e1a1ac1
    • Wang Chen's avatar
      af_packet: Check return of dev_set_promiscuity/allmulti · 2aeb0b88
      Wang Chen authored
      dev_set_promiscuity/allmulti might overflow.  Commit: "netdevice: Fix
      promiscuity and allmulti overflow" in net-next makes
      dev_set_promiscuity/allmulti return error number if overflow happened.
      
      In af_packet, we check all positive increment for promiscuity and
      allmulti to get error return.
      Signed-off-by: default avatarWang Chen <wangchen@cn.fujitsu.com>
      Acked-by: Patrick McHardy <kaber@trash.net> 
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2aeb0b88
    • David S. Miller's avatar
    • Patrick McHardy's avatar
      72d9794f
    • David S. Miller's avatar
    • David S. Miller's avatar
      Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 · 2aec609f
      David S. Miller authored
      Conflicts:
      
      	net/netfilter/nf_conntrack_proto_tcp.c
      2aec609f
    • David S. Miller's avatar
  2. 14 Jul, 2008 25 commits